CVE-2014-2120
KEV
🔴 Łataj teraz
Luka XSS w stronie logowania WebVPN w Cisco ASA pozwala na zdalne wstrzyknięcie skryptu.
CVSS
6.1
EPSS
69.8%
Exploit
weaponized
Vendor
cisco
Opis źródłowy (NVD)
Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025.
xss
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.1 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 69.8% |
| Opublikowano (NVD) | 2014-03-19 01:15:04 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 18:07:39 UTC |
Referencje
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 (psirt@cisco.com) [Broken Link, Vendor Advisory]
- http://www.securityfocus.com/bid/66290 (psirt@cisco.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1029935 (psirt@cisco.com) [Broken Link, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-2120 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]